The current stable version of sudo is 1.6.9p17.

Major changes from version 1.6.9p16 to 1.6.9p17:
- The -i flag now implies resetting the environment, as it did in
sudo versions prior to 1.6.9.
- Fixed the configure test for dirfd() under Linux.
- Fixed the configure test for whether -lintl is required.
- Changed how sudo handles the child process when sending mail.
This fixes a problem on Linux with the mail_always option.
- Fixed a problem with line continuation characters inside of
quoted strings.

Major changes from version 1.6.9p15 to 1.6.9p16:
- There was missing whitespace before the ldap libraries in the Makefile
for some configurations.
- LDAPS_PORT may not be defined on older Solaris LDAP SDKs.
- If the LDAP server could not be contacted and the user was not present
in sudoers, a syntax error in sudoers was incorrectly reported.

Major changes from version 1.6.9p14 to 1.6.9p15:
- Fixed the installation of sudo_noexec.so on AIX.
- Updated libtool to version 1.5.26.
- Fixed printing of the default SELinux role and type in -V mode.
- The HOME environment variable is once again preserved by default,
as per the documentation.

Major changes from version 1.6.9p13 to 1.6.9p14:
- Fixed an invalid assumption in the PAM conversation function
introduced in version 1.6.9p9. The conversation function may
be called for non-password reading purposes as well.
- Fixed freeing an uninitialized pointer in -l mode, introduced in
version 1.6.9p13.
- Sudo will now check /etc/sudoers after LDAP even if the user was found
in LDAP. This allows Defaults options in /etc/sudoers to take effect.
- Added a missing check for enforcing mode in the SELinux RBAC support.

Major changes from version 1.6.9p12 to 1.6.9p13:
- Sudo will now set the nproc resource limit to unlimited on Linux
systems to work around Linux's setuid() resource limit semantics.
On PAM systems the resource limits will be reset by pam_limits.so
before the command is executed.
- SELinux support that can be used to implement role based access
control (RBAC). A role and (optional) type may be specified
in sudoers or on the command line. These are then used in the
security context that the command is run as.
- Fixed a Kerberos 5 compilation problem with MIT Kerberos.

Major changes from version 1.6.9p11 to 1.6.9p12:
- Added a configure check for the ber_set_option() function.
- Fixed a compilation problem with the HP-UX K&R C compiler.
- Revamped the Kerberos 5 ticket verification code.
- Added support for the checkpeer ldap.conf variable for
netscape-based LDAP SDKs.
- Fixed a problem where an incomplete password could be echoed
to the screen if there was a read timeout.

Major changes from version 1.6.9p10 to 1.6.9p11:
- Fixed a compilation problem on SCO UNIX related to how it
stores the high resolution timestamps in struct stat.
- Avoid checking the passwd file group multiple times
in the LDAP query when the user's passwd group is also
listed in the supplemental group vector.
- The URI specifier can now be used in ldap.conf even when
the LDAP SDK doesn't support ldap_initialize().
- New %p prompt escape that expands to the user whose password
is being prompted, as specified by the rootpw, targetpw and
runaspw sudoers flags. Based on a diff from Patrick Schoenfeld.

Major changes from version 1.6.9p9 to 1.6.9p10:
- Moved LDAP options into a table for simplified parsing/setting.
- Fixed a problem with how some LDAP options were being applied.
- Added support for connecting directly to LDAP servers via SSL/TLS
for servers that don't support the start_tls extension.

Major changes from version 1.6.9p8 to 1.6.9p9:
- The ALL command in sudoers now implies SETENV permissions.
- The command search is now performed using the target user's
auxiliary group vector, not just the target's primary group.
- When determining if the PAM prompt is the default "Password: ",
compare the localized version if possible.
- New passprompt_override option in sudoers to cause sudo's prompt
to be used in all cases. Also set when the -p flag is used.

Major changes from version 1.6.9p7 to 1.6.9p8:
- Fixed a bug where a sudoers entry with no runas user specified
was treated differently from a line with the default runas
user explicitly specified.

Major changes from version 1.6.9p6 to 1.6.9p7:
- Go back to using TCSAFLUSH instead of TCSADRAIN when turning
off echo during password reading.
- Fixed a configure bug that was preventing the addition of -lutil for
login.conf support on FreeBSD and NetBSD.
- Add configure check for struct in6_addr since some systems define
AF_INET6 but have no real IPv6 support.

Major changes from version 1.6.9p5 to 1.6.9p6:
- Worked around bugs in the session support of some PAM implementations.
The full tty path is now passed to PAM as well.
- Sudo now only prints the password prompt if the process is in the
foreground.
- inttypes.h is now included when appropriate if it is present.
- Simplified alias allocation in the parser.

Major changes from version 1.6.9p4 to 1.6.9p5:
- Fixed a bug in the IP address matching introduced by the IPV6 merge.
- For "visudo -f file" we now use the permissions of the original file
and not the hard-coded sudoers owner/group/mode. This makes
it possible to use visudo with a revision control system.
- Fixed sudoedit when used on a non-existent file.
- Regenerated configure using autoconf 2.6.1 and libtool 1.5.24.
- Groups and netgroups are now valid in an LDAP sudoRunas statement.

Major changes from version 1.6.9p3 to 1.6.9p4:
- Added IPv6 support from YOSHIFUJI Hideaki.
- Fixed the sudo_noexec installation path.
- Fixed a compilation error on old K&R-style compilers.

Major changes from version 1.6.9p2 to 1.6.9p3:
- Fixed a bug related to supplemental group matching introduced
in sudo 1.6.9.

Major changes from version 1.6.9p1 to 1.6.9p2:
- Fixed updating of the saved environment when the environ pointer
gets changed out from underneath us.

Major changes from version 1.6.9 to 1.6.9p1:
- Worked around a bug in some PAM implementations that caused a crash
when no tty was present.
- Fixed a crash on some platforms in the error logging function.
- Documentation improvements.

Major changes from version 1.6.8p12 to 1.6.9:
- The env_reset option is enabled by default.
Commands run through sudo now receive a minimal environment
with certain variables passed through and/or checked. The
list of variables allowed is configurable via the env_keep
and env_check options in sudoers.
- The new -E option will preserve the environment if the
SETENV tag is set for the command or if the setenv
sudoers option is enabled.
- Environment variables may now be set on the command line in
the form VAR=value. They are subject to the same
restrictions as normal environment variables. If the
SETENV tag is set for the command or if the setenv
sudoers option is enabled, the user may set variables that
would otherwise be forbidden.
- Fixed a file descriptor leak when the lecture file option is enabled.
- Expanded the list of potentially unsafe variables to remove from the
environment if the env_reset option is disabled.
- PAM is now the default on systems that support it.
- Removed POSIX saved uid use; the stay_setuid option now
requires the setreuid() or setresuid() functions to work.
- Reworked configure with up to date autoconf and libtool.
- PAM fixes. If the user enters ^C at the password prompt,
abort instead of trying to authenticate with an empty password
(which causes an annoying delay). Also call pam_open_session()
and pam_close_session() to give pam_limits a chance to run.
- Security fix for Kerberos5. If we cannot get a valid service
key using the default keytab it is a fatal error. Now uses
krb5_verify_user() and krb5_init_secure_context() if they
are available.
- Fixed securid5 authentication.
- Added fcntl F_CLOSEM support to closefrom().
- Added NOEXEC support for AIX 5.3.
- Sudo now uses the supplemental group vector for matching.
This fixes problems with split group lines in /etc/group
as well as multiple group sources in nsswitch.conf.
- Mail from sudo now includes an Auto-Submitted: auto-generated
header à la RFC 3834.
- Remove the --with-execv option, it was not useful.
- Use TCSADRAIN instead of TCSAFLUSH in tgetpass() since
some operating systems have issues with TCSAFLUSH.
- Use glob(3) instead of fnmatch(3) for matching pathnames
and stat() each result that matches the basename of the user's
command. This makes "cd /usr/bin ; sudo ./blah" work when
sudoers allows /usr/bin/blah.
- Reworked the syslog long line splitting code.
- Sudo can now deal with more than 32 network interfaces on
Solaris.
- Visudo will now honor command line arguments in the EDITOR or
VISUAL environment variables if env_editor is enabled.
- LDAP now honors rootbinddn, timelimit and bind_timelimit in
/etc/ldap.conf.
- For LDAP, do a sub tree search instead of a base search (one
level in the tree only) for sudo right objects. This allows
system administrators to categorize the rights in a tree to
make them easier to manage.
- Added support for Solaris 10 project resource limits.
- The sudoers2ldif script now parses Runas users.
- The -- flag on the command line now behaves as documented.
- sudo -k/-K no longer prints an error if the timestamp is in the future.
- When searching for a command, sudo now uses the effective gid
of the runas user.
- Sudo no longer updates the timestamp if the user was not validated
by the sudoers file.
- Sudo now rebuilds the environment regardless of how it was invoked.
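
An added illustration, not taken from the sudo distribution, of how the environment options introduced in 1.6.9 (env_reset, env_keep, env_check, setenv and the SETENV tag) fit together in a sudoers file. The user names, the variables APP_LOCALE and APP_THEME and the command path are constructed placeholders.

```sudoers
# Constructed sudoers fragment for sudo 1.6.9 or later.
# "builder", "alice", APP_LOCALE, APP_THEME and the command path are
# placeholders, not values from the sudo distribution.

# Default since 1.6.9, stated explicitly: commands start from a minimal
# environment instead of inheriting the invoking user's.
Defaults    env_reset

# Pass one extra variable through unchanged.
Defaults    env_keep += "APP_LOCALE"

# Pass another through only if its value passes sudo's check; values
# containing '/' or '%' are dropped.
Defaults    env_check += "APP_THEME"

# Weak: a global setenv lets any user who may run a command preserve
# the environment with -E or set otherwise forbidden variables with
# VAR=value on the command line.
#Defaults   setenv

# Narrower: allow that for one user and one command via the SETENV tag.
builder     ALL = (root) SETENV: /usr/local/bin/deploy

# Since 1.6.9p9 an ALL command entry implies SETENV, so this entry also
# allows -E and VAR=value for alice.
alice       ALL = (ALL) ALL
```

Check the file with `visudo -c -f <file>` before installing it.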

For full details see the CHANGES file or view the commit logs via cvsweb.